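<?php
    // Resume the session before any output is sent. The call is guarded rather
    // than silenced with "@": a session that cannot be started should surface
    // in the logs, because the access check below depends on it.
    if (session_id() === '')
    {
        session_start();
    }

    require_once 'shared-functions.php';
    require_once 'session.php';
    require_once 'masterpage.php';

    // Access control: anonymous or expired sessions are sent to the login page
    // and the script stops, so nothing below runs for them.
    if(!IsValidSession())
    {
        header('Location: login.php?page=user-selector');
        exit();
    }
    RefreshSession();

    masterpage("Manage Users");

    // "page" names the script that each row's Edit form posts to ($destination)
    // and is echoed back into the search form's action ($page). It arrives in
    // the query string, so it is accepted only when it is a plain script
    // basename: letters, digits, "_" and "-". Anything else (path separators,
    // URL schemes, quotes, markup, array input) falls back to the default page.
    // NOTE(review): the set of legitimate destinations is not visible in this
    // file; if it is small and fixed, replace the pattern with an explicit
    // allowlist of page names.
    $page = "edit-profile";
    if(isset($_GET['page'])
        && is_string($_GET['page'])
        && preg_match('/\A[A-Za-z0-9_-]+\z/', $_GET['page']) === 1)
    {
        $page = $_GET['page'];
    }
    $destination = $page.".php";

?>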

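	<?php /* $page originates from the query string. It is URL-encoded for the
	         query component and HTML-escaped for the attribute so it cannot
	         break out of action="...". The anchor's closing tag is also
	         corrected from <a/> to </a>. */ ?>
	<a href="add-new-user.php">Add New User</a>
	<p />
	<form action="user-selector.php?page=<?php echo htmlspecialchars(rawurlencode($page), ENT_QUOTES, 'UTF-8'); ?>" method="post">
		<input type="text" name="txtQuery" id="txtQuery" size="25" />
		<input type="submit" value="Search" />
         Active: <input type="checkbox" name="active" value="active" checked />
	</form>
	<br />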
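<?php
	$link = connect_db();

	// Columns needed by the user listing. `Password` is intentionally left out:
	// the table rendered by this page never shows it, and credential data
	// should not be fetched where it is not needed.
	$columns = "`UserId`, `UserName`, `PrivilegeLevel`, `FirstName`, `MiddleName`, `LastName`, `Active`";

	// Default view: every active user.
	$query = "SELECT ".$columns." FROM `User` WHERE `Active` = '1'";

	if(isset($_POST['txtQuery']) && is_string($_POST['txtQuery']))
	{
		// The checkbox is only submitted when ticked; $active is always the
		// integer 0 or 1 and never carries request text into the SQL.
		$active = isset($_POST['active']) ? 1 : 0;

		// The search term is user input and is placed inside quoted SQL string
		// literals, so it is escaped for this connection before concatenation.
		// "%" and "_" typed by the user still act as LIKE wildcards.
		// NOTE(review): mysql_real_escape_string() is only reliable when the
		// connection charset was set with mysql_set_charset(); connect_db() is
		// defined elsewhere -- confirm. The ext/mysql API is removed in PHP 7;
		// the durable fix is prepared statements via mysqli or PDO.
		$term = mysql_real_escape_string($_POST['txtQuery'], $link);
		$pattern = "'%".$term."%'";

		$searchable = array('UserId', 'UserName', 'PrivilegeLevel', 'FirstName', 'MiddleName', 'LastName');
		$conditions = array();
		foreach($searchable as $column)
		{
			$conditions[] = "`".$column."` LIKE ".$pattern;
		}

		$query = "SELECT ".$columns." FROM `User` WHERE `Active` = '".$active."'";
		$query .= " AND (".implode(" OR ", $conditions).")";
	}

	$users = mysql_query($query, $link);
	if(!$users)
	{
		// Keep the database error in the server log only; the visitor sees a
		// generic message.
		error_log('user-selector: user query failed: '.mysql_error($link));
		echo "Oops...something went wrong. Please contact support.";
		exit();
	}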
	
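	// Escapes a value for HTML text and quoted-attribute context. Every field
	// read from the User table is passed through it, because names stored in
	// the database are not trusted as markup.
	// NOTE(review): assumes the stored data is UTF-8 -- confirm against the
	// connection charset.
	$esc = function ($value) {
		return htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8');
	};

	echo "<table class='DataList'>";
	echo "  <thead>";
	echo '	 <tr><th class="header" colspan="7">Select a User</th></tr>';
	echo "    <tr><th class='header'> </th><th class='header'>Id</th><th class='header'>UserName</th><th class='header'>Privilege Level</th>";
	echo "	  <th class='header'>First Name</th><th class='header'>Middle Name</th><th class='header'>Last Name</th></tr>";
	echo "  </thead>";
	echo "  <tbody>";

	if(mysql_num_rows($users) < 1)
	{
		// One cell spanning all seven columns of the table.
		echo '<tr><td class="rows" colspan="7">No users found.</td></tr>';
	}

	// NOTE(review): escaping prevents $destination from breaking out of the
	// attribute, nothing more; the value must still be restricted to known
	// script names at the point where it is derived from the request.
	$formAction = $esc($destination);

	$rowIndex = 0;
	while($tblrow = mysql_fetch_assoc($users))
	{
		// Alternate the CSS class on every other row.
		$rowClass = ($rowIndex % 2 === 0) ? "rows" : "altrows";
		$rowIndex++;

		$userId = $esc($tblrow['UserId']);

		// An empty middle name is rendered as a non-breaking space so the
		// cell keeps its height.
		if($tblrow['MiddleName'] === null || $tblrow['MiddleName'] === '')
		{
			$middleName = "&nbsp;";
		}
		else
		{
			$middleName = $esc($tblrow['MiddleName']);
		}

		// The Edit form sits inside the first cell; a <form> wrapped around a
		// <tr> is not valid table content.
		echo "<tr><td class='$rowClass'>";
		echo "<form action='".$formAction."' method='POST'>";
		echo "<input type='hidden' name='id' value='".$userId."'/>";
		echo "<input type='submit' value='Edit'/>";
		echo "</form></td>";
		echo "<td class='$rowClass'>".$userId."</td>";
		echo "<td class='$rowClass'>".$esc($tblrow['UserName'])."</td>";
		// NOTE(review): the group name is escaped as well; this presumes
		// GetGroupNameFromPrivLevel() returns plain text, not markup -- confirm.
		echo "<td class='$rowClass'>".$esc(GetGroupNameFromPrivLevel($tblrow['PrivilegeLevel']))."</td>";
		echo "<td class='$rowClass'>".$esc($tblrow['FirstName'])."</td>";
		echo "<td class='$rowClass'>".$middleName."</td>";
		echo "<td class='$rowClass'>".$esc($tblrow['LastName'])."</td></tr>";
	}

	echo "  </tbody>";
	echo "</table>";

	endmasterpage();
?>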

